
Zendesk hacked – Tumblr, Pinterest, Twitter user email addresses stolen


Tumblr has emailed its users to notify them of a security breach. The fault isn't in Tumblr's own systems, however: the hack can be traced back to Zendesk, the email and contact support client that Tumblr and a handful of other social applications use. Pinterest and Twitter are also affected by the Zendesk security failure.

The security vulnerability has already been patched, Zendesk wrote in a blog post. But the damage has been done: the hacker downloaded the email addresses of people who emailed Twitter, Tumblr, and Pinterest support. The only silver lining is that users' passwords are safe and sound.


If you're a Tumblr user and have contacted its support team via email at any point in the past 2.5 years, the period in which Tumblr has been using Zendesk, Tumblr says there's a good chance that you've been affected. These are the words of warning Tumblr had for users.

“This (security breach) has potentially exposed records of subject lines and, in some cases, email addresses of messages sent to Tumblr Support. While much of this information is innocuous, please take some time today to consider the following:

The subject lines of your emails to Tumblr Support may have included the address of your blog which could potentially allow your blog to be unwillingly associated with your email address.

Any other information included in the subject lines of emails you’ve sent to Tumblr Support may be exposed. We recommend you review any correspondence you’ve addressed to support@tumblr.com, abuse@tumblr.com, dmca@tumblr.com, legal@tumblr.com, enquiries@tumblr.com, or lawenforcement@tumblr.com.

Tumblr will never ask you for your password by email. Emails are easy to fake, and you should be suspicious of unexpected emails you receive.”

The last point is critical. Phishing is a common attack conducted via email to dupe recipients into clicking on malicious links, opening tainted attachments, or divulging personal information. Any email that appears to come from a Tumblr address but seems suspicious for whatever reason should now be approached with serious caution. The emails that Pinterest and Twitter have sent out also reaffirm that users shouldn't divulge their account information, especially passwords.

Fortunately for Twitter, the social network is using DMARC (Domain-based Message Authentication, Reporting and Conformance), so that email providers including AOL, Gmail, Outlook, and Yahoo! Mail can flag and delete any emails that try to mimic a company's real email address. So if you've emailed Twitter support before, the hacker probably has your email address, but with DMARC in place, any efforts to contact you and phish for your information should be curbed. Let's just hope that Tumblr and Pinterest follow suit.
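How a receiving mail server reaches that flag-or-delete decision, as an added example that is not part of the original article: a simplified DMARC evaluation following RFC 7489. The domains and records are constructed, the organizational domain is approximated as the last two labels (real receivers use the Public Suffix List), and the `sp` and `pct` tags are ignored.

```python
# Simplified DMARC evaluation (RFC 7489). Added example; all records and
# domains used with it are constructed, not any real company's policy.

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not valid."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    # The version tag must come first and a recognised policy must be present.
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        return None
    if tags.get("p", "").lower() not in ("none", "quarantine", "reject"):
        return None
    return tags

def org_domain(domain):
    # Assumption: organizational domain = last two labels.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_dom, auth_dom, mode):
    """Strict ('s') needs an exact match; relaxed ('r') compares org domains."""
    if mode.lower() == "s":
        return from_dom.lower() == auth_dom.lower()
    return org_domain(from_dom) == org_domain(auth_dom)

def dmarc_disposition(record, from_dom, spf=None, dkim=None):
    """Return 'pass', the domain's policy, or 'no-policy'.

    spf / dkim: the domain that passed that check, or None if the check
    failed or was absent. DMARC passes if either one passed AND is aligned
    with the domain in the visible From: header.
    """
    tags = parse_dmarc(record)
    if tags is None:
        return "no-policy"
    spf_ok = spf is not None and aligned(from_dom, spf, tags.get("aspf", "r"))
    dkim_ok = dkim is not None and aligned(from_dom, dkim, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    return tags["p"].lower()  # what the domain owner asks receivers to do

if __name__ == "__main__":
    rec = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"  # constructed
    print(dmarc_disposition(rec, "example.com", spf="bounce.example.com"))
    print(dmarc_disposition(rec, "example.com", spf="mailer.example.net"))
```

A record with `p=none` only requests reports, so a failing message is still delivered; the protection described above depends on the domain publishing `quarantine` or `reject`.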
